Hi
I am trying to call a simple federated web-site using HttpWebRequest.
To do this I try to mock the flow that happens when a client calls the web-site using a browser.
1. Call the web page.
2. Get a 302 response (redirect to the STS).
3. Go to the STS and get a token (the token is returned in an HTTP form).
4. Handle the HTTP form and issue a POST request to the web-site (with the SAML token).
I created a simple hello-world web site, using WIF (4.5) and a local development STS.
When this flow runs in a browser everything works great, yet when my code is acting as the client the web-site refuses the last request (4) and redirects the request back to the STS.
Using Fiddler I made sure that my request is the same as the one sent by the browser, but still something is missing.
I am using KeepAlive = true to make sure the same HTTP connection will be used on requests (1) and (4), but nothing helps.
If someone has an idea ...
Here is the code:
    using System;
    using System.IO;
    using System.Net;
    using System.Text;
    using System.Web;
    using System.Xml.Linq;

    var serviceAddress = @"http://manu-lap/SimpleWebApplication/";
    ServicePointManager.Expect100Continue = false;

    // Send the request to the site
    string responseString;
    HttpWebRequest objRequest1 = (HttpWebRequest)WebRequest.Create(serviceAddress);
    objRequest1.Accept = "text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8";
    objRequest1.UserAgent = @"Mozilla/5.0 (Windows NT 6.2; WOW64) AppleWebKit/537.31 (KHTML, like Gecko) Chrome/26.0.1410.64 Safari/537.31";
    objRequest1.KeepAlive = true;
    objRequest1.Headers.Add("Accept-Encoding", "zip,deflate,sdch");
    objRequest1.Headers.Add("Accept-Language", "en-GB,en-US;q=0.8,en;q=0.6");
    objRequest1.Headers.Add("Accept-Charset", "ISO-8859-1,utf-8;q=0.7,*;q=0.3");
    HttpWebResponse objResponse1 = (HttpWebResponse)objRequest1.GetResponse();
    using (StreamReader sr = new StreamReader(objResponse1.GetResponseStream()))
    {
        responseString = sr.ReadToEnd();
    }

    // Parse the token from the HTTP form we got as a response
    var responseElement = XElement.Parse(responseString);
    StringBuilder sb = new StringBuilder();
    foreach (var input in responseElement.Descendants("input"))
    {
        if (input.Attribute("type").Value != "submit")
        {
            sb.Append(input.Attribute("name").Value);
            sb.Append("=");
            sb.Append(input.Attribute("value").Value);
            sb.Append("&");
        }
    }
    // The whole name=value&... string (minus the trailing '&') is URL-encoded in one call
    var postString = HttpUtility.UrlEncode(sb.ToString(0, sb.Length - 1));

    // Send the token in a POST request to the web page
    HttpWebRequest objRequest = (HttpWebRequest)WebRequest.Create(serviceAddress);
    objRequest.Method = "POST";
    objRequest.ContentLength = postString.Length;
    objRequest.ContentType = "application/x-www-form-urlencoded";
    objRequest.Referer = @"http://localhost:12562/wsFederationSTS/Issue/?wa=wsignin1.0&wtrealm=http%3a%2f%2fmanu-lap%2fSimpleWebApplication&wctx=rm%3d0%26id%3dpassive%26ru%3d%252fSimpleWebApplication%252f&wct=" + HttpUtility.UrlEncode(DateTime.UtcNow.ToString("s") + "Z");
    objRequest.Accept = "text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8";
    objRequest.UserAgent = @"Mozilla/5.0 (Windows NT 6.2; WOW64) AppleWebKit/537.31 (KHTML, like Gecko) Chrome/26.0.1410.64 Safari/537.31";
    objRequest.KeepAlive = true;
    objRequest.Headers.Add("Cache-Control", "max-age=0");
    objRequest.Headers.Add("Origin", @"http://localhost:12562");
    objRequest.Headers.Add("Accept-Encoding", "zip,deflate,sdch");
    objRequest.Headers.Add("Accept-Language", "en-GB,en-US;q=0.8,en;q=0.6");
    objRequest.Headers.Add("Accept-Charset", "ISO-8859-1,utf-8;q=0.7,*;q=0.3");

    // Write the form body, then read the result
    StreamWriter myWriter = null;
    try
    {
        myWriter = new StreamWriter(objRequest.GetRequestStream());
        myWriter.Write(postString);
    }
    finally
    {
        myWriter.Close();
    }
    string result;
    HttpWebResponse objResponse = (HttpWebResponse)objRequest.GetResponse();
    using (StreamReader sr = new StreamReader(objResponse.GetResponseStream()))
    {
        result = sr.ReadToEnd();
    }
    Console.WriteLine(result);
Manu
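
An added example, not part of the original post: one way to handle the form from step 3 and prepare the POST of step 4, encoding each field name and value separately and giving every request of the flow one shared `CookieContainer`, since `HttpWebRequest` stores and replays no cookies without one. The class and method names, the `rp.example` URL and the sample form are assumptions constructed for illustration; the `wresult` value is a placeholder, not a real token.

```csharp
using System;
using System.Linq;
using System.Net;
using System.Text;
using System.Xml.Linq;

static class PassiveSignInExample   // hypothetical name
{
    // Constructed sample of the auto-submit form an STS returns (placeholder token).
    const string SampleForm =
        "<html><body><form method=\"POST\" action=\"http://rp.example/App/\">" +
        "<input type=\"hidden\" name=\"wa\" value=\"wsignin1.0\" />" +
        "<input type=\"hidden\" name=\"wresult\" value=\"&lt;t:RequestSecurityTokenResponse&gt;a+b=c&amp;d&lt;/t:RequestSecurityTokenResponse&gt;\" />" +
        "<input type=\"hidden\" name=\"wctx\" value=\"rm=0&amp;id=passive&amp;ru=%2fApp%2f\" />" +
        "<input type=\"submit\" value=\"Submit\" /></form></body></html>";

    // Encode each name and value on its own so the '=' and '&' separators
    // stay literal and the receiver can split the body back into fields.
    public static string BuildFormBody(string formHtml)
    {
        var fields = XElement.Parse(formHtml).Descendants("input")
            .Where(i => (string)i.Attribute("type") != "submit" && i.Attribute("name") != null)
            .Select(i => WebUtility.UrlEncode((string)i.Attribute("name")) + "=" +
                         WebUtility.UrlEncode((string)i.Attribute("value") ?? ""));
        return string.Join("&", fields);
    }

    // Cookies set by any response are kept in the shared container and sent
    // on later requests, including redirects followed automatically.
    public static HttpWebRequest CreateRequest(string url, CookieContainer cookies, string method)
    {
        var request = (HttpWebRequest)WebRequest.Create(url);
        request.Method = method;
        request.CookieContainer = cookies;
        return request;
    }

    static void Main()
    {
        string body = BuildFormBody(SampleForm);
        Console.WriteLine(body);   // three fields, separators unencoded

        var cookies = new CookieContainer();   // reuse for requests (1) through (4)
        HttpWebRequest post = CreateRequest("http://rp.example/App/", cookies, "POST");
        post.ContentType = "application/x-www-form-urlencoded";
        post.ContentLength = Encoding.ASCII.GetByteCount(body);
        Console.WriteLine(post.Method + " " + post.RequestUri + " (" + post.ContentLength + " bytes)");
    }
}
```

`Main` only builds the request and does not send it, so the example runs without an STS or web site.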